Sr. Security Analyst- SCA & SAST

  • Posted 2 days ago

Job Description

Company Profile

Lennox (NYSE: LII) Driven by 130 years of legacy, HVAC and refrigeration success, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member's contributions and offers a supportive environment for career development. Come, stay, and grow with us.

Job Description

Experience & Qualification:

  • 3-6 years of relevant experience
  • B.E/B.Tech or master's degree from a reputed institute with a good academic history.

MUST HAVE

  • Technical Expertise
    • Strong knowledge of SAST and SCA methodologies.
    • Hands-on experience with tools like Fortify, Mend, Checkmarx, Veracode, SonarQube, GHAS.
  • Programming Knowledge
    • Proficiency in Java, .NET, Python, or JavaScript.
  • Certifications (Preferred)
    • CEH, CSSLP, GWAPT, or similar.
  • Experience
    • 3-6 years in application security.

Skills required:

  • SCA Management
    • Perform dependency scanning to identify vulnerable open-source components.
    • Use tools like Mend & GHAS for SCA.
    • Ensure compliance with licensing and vulnerability management policies.
  • SAST Implementation
    • Configure and run SAST tools (e.g., Fortify, Checkmarx, Veracode, SonarQube).
    • Integrate SAST into CI/CD pipelines for automated code scanning.
    • Analyze scan results, prioritize vulnerabilities, and guide remediation.
  • Secure Development Lifecycle
    • Collaborate with developers to enforce secure coding standards.
    • Conduct code reviews and threat modeling sessions.
  • Governance & Compliance
    • Align with OWASP Top 10, NIST, and ISO 27001 standards.
    • Support audits and generate compliance reports.
  • Training & Awareness
    • Conduct developer training on secure coding and vulnerability remediation.

Qualifications

Role & Responsibility

The Senior Security Analyst (IC2) will be responsible for strengthening application security across the organisation by implementing secure development practices, performing vulnerability assessments, and driving DevSecOps initiatives. This role requires hands-on expertise in Static Application Security Testing (SAST), Software Composition Analysis (SCA), and a strong understanding of Application Security (AppSec) and DevSecOps principles.

Key Responsibilities:

  • Application Security Testing
    • Perform SAST and SCA scans for web, API, and mobile applications.
    • Analyse scan results, prioritise vulnerabilities, and collaborate with development teams for remediation.
  • DevSecOps Integration
    • Embed security controls into CI/CD pipelines and automate security checks.
    • Drive adoption of secure coding practices and threat modelling across development teams.
  • Risk Management
    • Conduct security reviews and validate secure architecture designs.
    • Maintain compliance with industry standards (OWASP, NIST, ISO 27001).
  • Tool Management
    • Manage and optimise security tools such as HP Fortify, Checkmarx, Veracode, Burp Suite, and container security platforms.
    • Reduce false positives and improve scan efficiency.
  • Collaboration & Training
    • Partner with architects, DevOps, and product teams to integrate security early in the SDLC.
    • Deliver training sessions on secure coding and tool usage.
  • Continuous Improvement
    • Monitor emerging threats and recommend improvements to security processes.
    • Participate in POCs for new security tools and automation initiatives.


About Company

Lennox International Inc. is a provider of climate control products for the heating, ventilation, air conditioning (collectively known as HVAC) and refrigeration markets. Lennox also includes the Heatcraft Refrigeration and Armstrong brands. The company was founded in 1895, in Marshalltown, Iowa, by Dave Lennox, the owner of a machine repair business for railroads.

Job ID: 136753553